Vulcan Cyber to Reduce Vulnerability Remediation Gap

Wednesday, May 30, 2018 @ 12:05 PM gHale

Israeli startup Vulcan Cyber unveiled it received $4 million in seed funding for its mission to eliminate the vulnerability remediation gap that exposes enterprises to massive cyber risk.

Backing for the technology platform, which lets security teams gain the insight needed and take the action required to continuously eliminate exposed vulnerabilities in their production systems, comes from YL Ventures with participation from additional cybersecurity investors.

Organizations today are dramatically increasing their pace of change and innovation, adopting agile development and DevOps processes while constantly deploying and upgrading new and innovative applications and technologies. This speed of change coupled with the ever-expanding number of vulnerabilities in today’s enterprise software stack, and hackers who are constantly probing for this “low hanging fruit,” creates a reality of incessant and unrelenting risk. Breaches including Equifax as well as the WannaCry and Petya attacks all exploited known vulnerabilities. Vulcan Cyber’s mission is to eliminate this risk.

By 2020, 99 percent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year, according to Gartner. Dwell time, the time frame from discovery to prioritization to fix, is months or more in most organizations.

In addition, a Ponemon Institute study, “Today’s State of Vulnerability Response,” found the average enterprise “wastes weeks coordinating teams and manual tasks when remediating a vulnerability.” Delays in discovery and analysis, as well as planning and prioritization of remediation, adds months to dwell time. Many of these delays occur as cross-functional teams struggle to manage remediation while also ensuring business continuity.

The Vulcan Cyber Continuous Vulnerability Remediation platform is all about eliminating the most critical risks caused by vulnerabilities while at the same time avoiding any unexpected impact to business operations. Vulcan’s goal is to reduce dwell time from weeks and months to hours.

Vulcan Cyber’s comprehensive data collection aggregates data from dozens of scanning tools while its advanced exposure analytics deliver insight into the true risk of existing vulnerabilities in the deployed enterprise stack. Vulcan then automatically prioritizes, plans, orchestrates and validates remediation. Vulcan is the industry’s first remediation orchestration engine that coordinates the teams, tools and tasks needed to successfully and rapidly eliminate exposure and risk.

“Enterprises today are experiencing a state of continuous risk exposure,” said Yoav Leitersdorf, managing partner at YL Ventures, who led the Vulcan Cyber funding round. “The speed of change and innovation and volume of constant probes and attacks has simply outpaced the tools and skilled resources IT security teams have.”

IT security and operations teams today rely on dozens of vulnerability assessment and patch management tools and are using manual processes and custom scripting to tie them together.

By automating the collection and integration of all the relevant vulnerability data from these tools across the enterprise IT stack, and correlating this information with risk exposure, Vulcan provides insight that enables continuous evaluation of exposure and prioritization of remediation. Vulcan then orchestrates patch management, IT service management tools and the teams and tasks needed to continuously remediate the most critical exposure in production environments. Vulcan then validates remediation effectiveness and feeds the new data back into the insight engine. Vulcan integrates out of the box with all popular scanning, configuration management and patching tools as well as provides open APIs to connect new scanners, tools and feeds into the platform.

Vulnerabilities are the “dirty” but critical work of IT Security. “It has become almost impossible for CISOs and their teams to understand and manage the significant and systemic risk of vulnerabilities in their production systems, leaving them in a state of continuous exposure,” said Yaniv Bar-Dayan, Vulcan Cyber chief executive and co-founder. “It might sound more glamorous to talk about Zero Day and next generation threats, but vulnerability remediation is truly where the rubber meets the road. The only way to deal with this continuous risk exposure is through continuous remediation, achieved with robust data collection, advanced analytics, automation, and closed loop remediation planning, orchestration and validation.”